1. Agreement to Terms

By accessing or using ConformAI ('Service'), you agree to be bound entirely by these Terms of Service ('Terms'), our Privacy Policy, and any applicable Data Processing Agreement. If you do not agree with any provision, cease using the Service immediately. ConformAI reserves the right to modify these Terms with 30 days' email notice for material changes. Continued use after notice constitutes acceptance of updated Terms. These Terms together with the Privacy Policy and DPA constitute the entire agreement.

2. Service Description

2.1 Overview

ConformAI is a Software-as-a-Service (SaaS) platform designed to help organizations comply with the EU AI Act and related data protection regulations. The service provides tools for:

• Tracking and documenting AI systems
• Assessing regulatory risk classifications
• Managing compliance obligations and checklists
• Generating compliance documentation
• Monitoring regulatory changes and alerts
• Cross-mapping GDPR and EU AI Act requirements

2.2 Service Availability

ConformAI operates on a 24/7 basis. However, we may conduct scheduled maintenance with advance notice. See the Service Level Agreement (Section 5) for uptime commitments.

2.3 Professional Advice Disclaimer

ConformAI is a compliance management tool, not legal or professional advice. The recommendations, classifications, and documentation generated by our platform should be reviewed by qualified legal and compliance professionals. ConformAI cannot guarantee compliance with applicable laws—that responsibility remains with your organization.

3. Acceptable Use Policy

3.1 Permitted Use

You agree to use ConformAI only for lawful purposes and in compliance with all applicable laws and regulations, including the EU AI Act, GDPR, and this Agreement.

3.2 Prohibited Activities

You may not:

• Attempt to gain unauthorized access to ConformAI systems or accounts
• Reverse engineer, decompile, or otherwise extract source code
• Interfere with or disrupt the integrity of the service
• Transmit malware, viruses, or harmful code
• Attempt to circumvent security measures or access controls
• Engage in any form of data mining or scraping
• Sell, resell, or redistribute access to ConformAI
• Use the service for automated testing or benchmarking without consent
• Transmit illegal content or content that violates third-party rights
• Harass, threaten, or defame other users or ConformAI staff

3.3 Consequences of Violation

Violation of this Acceptable Use Policy may result in immediate suspension or termination of your account without refund. ConformAI reserves the right to investigate violations and cooperate with law enforcement.

4. Subscription & Billing

4.1 Subscription Plans

ConformAI offers four subscription tiers: Free, Essentials, Professional, and Enterprise. Detailed pricing and features are available on our Pricing page.

4.2 Billing Cycle

• Monthly Plans: Billed on the same day each month
• Annual Plans: Billed once per year (20% discount applied)

4.3 Payment Processing

All payments are processed through Paddle, our certified payment processor (PCI-DSS compliant). We do not store credit card information on our servers. By providing payment details, you authorize Paddle to collect payment on your behalf.

4.4 Automatic Renewal

Subscriptions automatically renew at the end of each billing period unless you cancel before the renewal date. Cancellation can be completed in your Settings or by contacting [email protected].

4.5 Failed Payments

If payment fails, Paddle will attempt to retry for up to 15 days. If payment ultimately fails, your account may be suspended until payment is received.

4.6 Price Changes

ConformAI may change subscription pricing with 30 days' notice. Changes apply to renewals only; your current billing period remains at the existing price.

5. Service Level Agreement (SLA)

5.1 Uptime Commitment

• Free & Essentials: 95% uptime SLA
• Professional: 98% uptime SLA
• Enterprise: 99.9% uptime SLA with custom terms

5.2 Planned Maintenance

ConformAI conducts scheduled maintenance primarily during weekends (UTC time zone). We provide at least 48 hours' notice via email for maintenance windows exceeding 30 minutes.

5.3 Service Credits

If ConformAI fails to meet its uptime SLA in any billing month, you may be eligible for service credits. Credits are calculated as a percentage of your monthly subscription fee based on actual downtime and are applied to your next billing period. Service credits do not constitute a refund and are the sole remedy for SLA violations.

5.4 Exclusions

The SLA excludes:

• Scheduled maintenance and planned downtime
• Downtime caused by third-party services (Supabase, Paddle, Resend)
• Issues caused by your network or equipment
• DDoS attacks and security events
• Force majeure events

6. Data Security & Your Responsibilities

6.1 Security Measures

ConformAI implements industry-standard security measures including:

• AES-256 encryption at rest and TLS 1.3 in transit
• Role-based access control (RBAC)
• Two-factor authentication (2FA)
• Regular security audits and penetration testing
• Compliance with ISO 27001 and SOC 2 Type II

6.2 Your Responsibilities

You are responsible for:

• Maintaining the confidentiality of your account credentials
• Protecting your password and not sharing it with others
• Notifying us immediately of unauthorized access
• Ensuring authorized users have appropriate access levels
• Backing up critical compliance data outside the platform

6.3 Incident Reporting

If you believe ConformAI has experienced a data breach or security incident affecting your data, notify us immediately at [email protected]. We will investigate and provide a written report within 10 business days.

7. Limitation of Liability & Indemnification

7.1 Disclaimer of Warranties

AS-IS AND AS-AVAILABLE: ConformAI is provided 'as-is' and 'as-available' without warranties of any kind, express, implied, statutory, or otherwise. ConformAI explicitly disclaims all warranties including: (a) merchantability, (b) fitness for a particular purpose, (c) non-infringement, (d) accuracy, completeness, or reliability, (e) that the Service will be error-free or uninterrupted, (f) that defects will be corrected, (g) that results will meet your expectations. ConformAI does not warrant that recommendations will achieve compliance or that tools will function without error.

7.2 Liability Cap

Maximum Total Liability: Except where prohibited by law, ConformAI's maximum total aggregate liability to you for any and all claims arising from these Terms or the Service shall not exceed the total amount you paid for the Service in the 12 months immediately preceding the claim, with a minimum of zero euros. This cap applies to all claims of any kind and all legal theories (contract, tort, negligence, strict liability, etc.).

Excluded Damages: In no event shall ConformAI be liable for: (a) indirect, incidental, special, or consequential damages, (b) lost profits, revenue, or anticipated savings, (c) loss of data or business opportunities, (d) regulatory fines, penalties, or enforcement actions, (e) reputational harm or business interruption, (f) non-compliance with applicable laws, (g) any damages arising from regulatory investigations or enforcement.

7.3 User Indemnification

Indemnification Obligation: You agree to indemnify, defend (with counsel acceptable to ConformAI), and hold harmless ConformAI and its officers, directors, employees, agents, successors, and assigns from and against any and all third-party claims, damages, losses, and expenses (including reasonable attorneys' fees) arising from or related to:

• Your use of the Service in violation of these Terms or applicable law
• Your failure to implement recommendations or ensure legal compliance
• Claims by regulators, employees, customers, or third parties related to your AI systems or compliance status
• Your violation of any EU law, regulation, or third-party rights
• Data you input, process, or upload into the Service that violates rights or laws
• Your reliance on ConformAI recommendations without independent legal review
• Regulatory fines or penalties imposed on your organization

Indemnification Procedures: You shall indemnify ConformAI within 30 days of receiving written notice of a claim. ConformAI shall provide prompt written notice and reasonable cooperation. ConformAI may participate in defense at your expense.

7.4 Exceptions to Liability Limitations

Liability limitations do not apply to claims arising from: (a) ConformAI's gross negligence or willful misconduct, (b) ConformAI's material breach of confidentiality obligations, (c) ConformAI's violation of your intellectual property rights, (d) ConformAI's unauthorized disclosure of your personal data or breach of data protection obligations, (e) fraudulent misrepresentation by ConformAI, (f) claims that cannot be limited by law (such as certain consumer protection rights).

8. GDPR & Data Processing Agreement

8.1 Data Controller and Processor Roles

You are the data controller of personal data you upload to ConformAI. ConformAI acts as a data processor. We process personal data only on your documented instructions and in accordance with our Data Processing Agreement (DPA).

8.2 Data Processing Agreement

A comprehensive Data Processing Agreement (DPA) compliant with GDPR Article 28 is available upon request. The DPA covers:

• Data processing scope and purposes
• Data subject rights and obligations
• Sub-processor authorization and management
• Data security and confidentiality requirements
• Deletion and return of data upon termination
• Audit and compliance mechanisms

8.3 Sub-processors

ConformAI uses the following sub-processors:

• Supabase: Database and infrastructure hosting (EU-based)
• Paddle: Payment processing
• Plausible Analytics: Usage analytics (GDPR-compliant, anonymized)
• Resend: Email delivery

You authorize use of these sub-processors. Notification of changes to sub-processors will be provided 30 days in advance.

8.4 International Data Transfers

ConformAI stores all personal data of EU residents within the European Union. We do not transfer data outside the EU without appropriate legal mechanisms and your explicit consent.

9. Refund Policy

9.1 EU Consumer Rights (14-Day Cooling-Off)

If you are a consumer under EU law, you have the right to cancel your subscription and receive a full refund within 14 days of purchase, without providing a reason. This applies to subscriptions purchased as an individual consumer, not business customers.

9.2 Business Refund Policy

For business customers:

• Monthly subscriptions can be cancelled anytime with refunds processed within 10 business days
• Annual subscriptions: Pro-rata refund based on days remaining if cancelled within 30 days of purchase
• After 30 days, annual subscriptions are non-refundable (but can be cancelled to stop future charges)

9.3 Cancellation Process

To request a refund or cancel your subscription, visit your Settings page or email [email protected] with your account details.

9.4 Service Credits

Service credits (e.g., for SLA violations) are not refundable cash but are applied to your account for future use.

10. Governing Law & Jurisdiction

Governing Law: These Terms of Service are governed by and construed in accordance with the laws of Ireland, without regard to its conflict of law principles. The United Nations Convention on Contracts for the International Sale of Goods shall not apply.

EU Consumer Rights: For customers who are consumers under EU law, mandatory EU consumer protection rights apply in addition to these Terms and cannot be waived or limited.

11. Dispute Resolution

11.1 Informal Resolution Requirement

Before initiating formal proceedings, you agree to contact ConformAI at [email protected] in writing. Both parties agree to negotiate in good faith for 30 days to attempt amicable resolution. This requirement does not apply to injunctive relief claims.

11.2 Binding Arbitration (B2B Customers Only)

For Business Customers: You and ConformAI agree that any dispute, claim, or controversy arising from or related to these Terms or the Service shall be resolved exclusively through binding arbitration under the Rules of the International Chamber of Commerce (ICC), except for: (1) intellectual property disputes, (2) claims for injunctive relief or emergency equitable remedies, (3) claims brought in small claims or equivalent proceedings.

Arbitration Terms: Arbitration shall be conducted by a single arbitrator (or three if the claim exceeds EUR 500,000), in English, seated in Dublin, Ireland. The arbitrator shall apply Irish law. Costs are split equally unless the arbitrator determines otherwise. The arbitration decision is final and binding and not subject to appeal.

11.3 Consumer Dispute Resolution (Consumer Customers Only)

For EU Consumers: You may submit disputes to your local alternative dispute resolution (ADR) provider or competent court in your EU member state. You may not be forced into arbitration. ConformAI accepts the jurisdiction of courts in your member state for consumer disputes.

11.4 Class Action Waiver (B2B Only)

NO CLASS ACTIONS: Business customers waive the right to participate in any class action, class arbitration, or representative action. All disputes must be resolved individually. This waiver does not apply to EU consumer customers.

12. General Provisions

12.1 Intellectual Property

ConformAI retains all intellectual property rights to the platform, software, documentation, features, recommendations, and analysis. Your use constitutes a limited, non-exclusive, non-transferable license to use the Service as provided. You may not reverse engineer, decompile, or attempt to derive the source code or algorithms. You retain ownership of data you input, subject to ConformAI's rights to process and analyze it to provide the Service.

12.2 Termination

Termination by You: You may terminate your account at any time. Upon termination, your subscription ends and you lose access. We will delete personal data within 30 days unless legal requirements dictate retention.

Termination by ConformAI: ConformAI may immediately suspend or terminate your account without prior notice if: (1) you violate these Terms or Acceptable Use Policy, (2) you engage in illegal or fraudulent activity, (3) payment fails and remains unpaid 30 days after notice, (4) you threaten, harass, or abuse our staff or other users, (5) your use poses security, legal, or regulatory risk in ConformAI's sole discretion, (6) you breach your confidentiality obligations.

Upon termination for cause, no refunds are issued. You have 30 days to export compliance data. We will delete personal data within 90 days unless legal holds or regulatory requirements apply. Backups may be retained for up to 1 year for disaster recovery purposes.

12.3 Force Majeure

ConformAI shall not be liable for any failure or delay caused by events beyond reasonable control, including: acts of God, natural disasters, war, terrorism, pandemics, strikes, government actions, internet disruptions, or failure of third-party services. Force majeure events do not constitute breach and suspend ConformAI's obligations for the event duration plus 30 days.

12.4 Severability

If any court or arbitrator finds any provision of these Terms invalid or unenforceable, that provision will be modified to the minimum extent necessary to make it valid, and all remaining provisions will continue in full effect. The parties intend for this agreement to be enforceable to the maximum extent permitted by law.

12.5 Waiver & Non-Enforcement

ConformAI's failure to enforce any provision does not constitute a waiver of that provision or any other right. No waiver is effective unless in writing and signed by ConformAI. If ConformAI waives enforcement in one instance, this does not waive enforcement in other instances or of other provisions.

12.6 Entire Agreement

These Terms of Service, together with our Privacy Policy, Data Processing Agreement, and any other terms or policies referenced here, constitute the entire agreement between you and ConformAI and supersede all prior agreements, understandings, negotiations, and discussions, whether written or oral. No document, email, or representation modifies these Terms except by written amendment signed by both parties.

12.5 Contact Information

For questions about these Terms of Service, contact us at: